On Friday 2011-06-17 16:44, andrey wrote: > Hello, > > I have tried to classify pcap files using layer7 userspace filter. > In order to do that I need to set a rule in iptables that QUEUE the traffic. > Since iptables does not read pcap files, I have used tcpreplay to replay the > traffic form the pcap file. > tcpreplay is replaying the data from the pcap file on the interface card. > I have checked with wireshark if the packets get through and they do. > My problem is that iptables seems to not receive the packets. > What could be the problem? Do the packets get dropped somewhere? AF_PACKET sockets bypass Netfilter. (Which is why, on the receive paths, you still see packets with tcpdump despite having applied an iptables filter.) -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
